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AMENDMENTS TO THE CLAIMS 

Claims 1-8 are canceled. 

9. (Previously Presented) A data transfer system comprising: 
a key facility; 

a sender facility configured to communicate with the key facility, the sender facility 
comprising: 

a first encryption module configured to encrypt data for an intended recipient, 
wherein a first encrypted part and a remaining encrypted part are produced, the first encrypted 
part carrying information for decryption of the remaining encrypted part such that the remaining 
encrypted part can be decrypted only after decrypting the first encrypted part; 

a second encryption module configured to encrypt the first encrypted part so as to 
produce a third encrypted part, the third encrypted part being decryptable only by the key facility; 

a combiner configured to combine the third encrypted part with the remaining 
encrypted part to produce a data block, and 

a first transmitter configured to send the data block; and 
a receiver facility configured to commtmicate with the key facility, the receiver facility 
comprising: 

a receiver configured to receive the data block; 

a splitter configured to split the data block into the third encrypted part and the 
remaining encrypted part; and 

a command module configured to generate a request for the key facility to decrypt 
the third encrypted part, wherein the first encrypted part is recovered, the receiver further 
adapted to receive the first encrypted part from the key facility; 
wherein the key facility further comprises: 

a first decryption module configured to decrypt the third encrypted part after 
receipt of the request from the receiver facility, wherein the first encrypted part is 
recovered; and 

a second transmitter configured to send the first encrypted part to the receiver 
facility; and 



-2- 



Appl. No. 
Filed 



09/787,784 
July 30, 2001 



wherein the receiver facihty further comprises a second decryption module configured to 
decrypt the first encrypted part so as to enable the subsequent decryption of the remaining 
encrypted part. 

10. (Previously Presented) The system of Claim 9, wherein the sender facility includes a 
signature module to sign the data block. 

1 1 . (Previously Presented) The system of Claim 9, wherein the first transmitter is 
configured to send the data block to the key facility, and wherein the key facility further includes 
a receiver configured to receive the data block and to forward the data block to the receiver 
facility. 

12. (Previously Presented) The system of Claim 11, wherein the key facility further 
includes a log module configured to log receipt of the data block. 

13. (Previously Presented) The system of Claim 9, wherein the receiver facility is 
configured to communicate with the key facility and the sender facility, and wherein the first 
transmitter is configured to send the data block to the receiver facility, the receiver facility further 
comprising a receiver to receive the data block. 

14. (Previously Presented) The system of Claim 13, wherein the key facility further 
comprises a log module configured to log receipt of the third encrypted part. 

15. (Previously Presented) The system of Claim 9, wherein the key facility further 
comprises a log module configured to log receipt of the request for decryption of the third 
encrypted part as proof of delivery of the data block to the receiver facility. 

16. (Previously Presented) The system of Claim 15, wherein the sender facility further 
comprises a delivery module configured to request proof of delivery information from the key 
facility. 
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17. (Previously Presented) The system of Claim 9, wherein the key facility is a trusted 
third party. 

18. (Previously Presented) A method of data transfer, comprising: 

at a sender facility: 

encrypting data for an intended recipient, wherein a first encrypted part and a 
remaining encrypted part are produced, the first encrypted part carrying information for 
decryption of the remaining encrypted part such that the remaining encrypted part can be 
decrypted only after decrypting the first encrypted part; 

encrypting the first encrypted part to produce a third encrypted part, the third 
encrypted part being decryptable only by the key facility; 

combining the third encrypted part with the remaining encrypted part to produce a 
data block, and 

sending the data block; 

at a receiver facility: 

receiving the data block; 

splitting the data block into the third encrypted part and the remaining encrypted 
part; and 

generating a request for the key facility to decrypt the third encrypted part; 
at the key facility: 

decrypting the third encrypted part after receipt of the request from the receiver 
facility, wherein the first encrypted part is recovered, and 

transmitting the first encrypted part to the receiver facility; and 
at the receiver facility: 

receiving the first encrypted part from the key facility; and 
decrypting the first encrypted part so as to enable the subsequent 
decryption of the remaining encrypted part. 

19. (Previously Presented) The method of Claim 18, further comprising signing the data 
block at the sender facility. 
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20. (Previously Presented) The method of Claim 18, wherein the sending at the sender 
facility comprises sending the data block to the key facility, and wherein the method further 
comprises at the key facility receiving the data block and forwarding the data block to the 
receiver facility. 

21. (Previously Presented) The method of Claim 20, further comprising, at the key 
facility, logging receipt of the data block. 

22. (Previously Presented) The method of Claim 18, wherein the sending at the sender 
facility comprises sending the data block to the receiver facility, and wherein the method further 
comprises, at the receiver facility, receiving the data block. 

23. (Previously Presented) The method of Claim 22, further comprising, at the key 
facility, logging receipt of the third encrypted part. 

24. (Previously Presented) The method of Claim 18, further comprising, at the key 
facility, logging receipt of the request for decryption of the third encrypted part as proof of 
delivery of the data block to the receiver facility. 

25. (Previously Presented) The method of Claim 24, further comprising, at the sender 
facility, requesting proof of delivery information from the key facility. 

26. (Previously Presented) The method of Claim 18, wherein the key facility is a trusted 
third party. 

27. (Previously Presented) A data transfer system comprising: 

a key facility; 

a sender facility configured to communicate with the key facility, the sender 
facility including a first encryption module configured to encrypt data for an intended 
recipient, a partitioning module configured to split the data into encrypted parts such that 
no part is decryptable on its own, a second encryption module configured to encrypt at 
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least one of the parts for the key facility so as to produce a further encrypted part, a 
combiner configured to combine the further encrypted part and a remaining encrypted 
part so as to produce a data block, a signature module configured to sign the data block, 
and a first transmitter configured to send the data block to the key facility; and 

a receiver facility configured to communicate with the key facility, the receiver 
facility comprising a receiver configured to receive the data block from the key facility, 
and a command module configured to request decryption of the further encrypted part by 
the key facility; 

wherein the key facility further comprises a receiver configured to receive the data 
block from the sender facility and to forward the data block to the receiver facility, a first 
log module configured to log recipt of the data block from the sender facility, a second 
log module configured to log receipt of the decryption request from the receiver facility as 
proof of delivery of the data block to the receiver facility, a first decryption module 
configured to decrypt the further encrypted part after receipt of the request from the 
receiver facility, and a second transmitter configured to send the decrypted further 
encrypted part to the receiver facility; 

wherein the receiver facility further comprises a second decryption module 
configured to decrypt the encrypted part and the decrypted further encrypted part provided 
by the key facility; and 

wherein the sender facility fiirther comprises a delivery module configured to 
request proof of delivery information from the key facility. 

28. (Previously Presented) A data transfer system comprising: 
a key facility; 

a sender facility configured to communicate with the key facility and a receiver 
facility, the sender facility comprising a first encryption module configured to encrypt 
data for an intended recipient, a partitioning module configured to split the data into 
encrypted parts such that no part is decry ptable on its own, a second encryption module 
configured to encrypt at least one of the parts for the key facility so as to produce a further 
encrypted part, a combiner configured to combine the further encrypted part and a 
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remaining encrypted part so as to produce a data block, a signature module configured to 
sign the data block, and a first transmitter configured to send the data block to the 
receiver facility; 

wherein the receiver facility is configured to communicate with the key facility 
and the sender facility, and the receiver facility comprises a receiver configured to receive 
the data block from the sender facility, and a command module configured to request 
decryption of the further encrypted part by the key facility; 

wherein the key facility further comprises a log module configured to log receipt 
of the further encrypted part, a first decryption module configured to decrypt the further 
encrypted part after receipt of the request from the receiver facility, and a second 
transmitter configured to send the decrypted further encrypted part to the receiver facility; 
and 

wherein the receiver facility further comprises a second decryption module 
configured to decrypt the encrypted part and the decrypted further encrypted part provided 
by the key facility. 

29. (Previously Presented) A method of transferring data, comprising: 
at a sender facility: 

encrypting data for an intended recipient, splitting the data into encrypted 
parts such that no part is decry ptable on its own, encrypting at least one of the 
parts for a key facility so as to produce a further encrypted part, combining the 
further encrypted part and a remaining encrypted part so as to produce a data 
block, signing the data block and sending the data block to the key facility; 
at the key facility: 

receiving the data block from the sender facility, forwarding the data block 
to the receiver facility, and logging receipt of the data block from the sender 
facility; 

at a receiver facility: 

receiving the data block from the key facility, and requesting decryption of 
the further encrypted part by the key facility; 
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at the key facility: 

logging receipt of the decryption request from the receiver facility as proof 
of delivery of the data block to the receiver facility, decrypting the further 
encrypted part after receipt of the request from the receiver facility, and sending 
the decrypted further encrypted part to the receiver facility; 
at the receiver facility: 

decrypting the encrypted part and the decrypted further encrypted part 
provided by the key facility; and 
at the sender facility: 

requesting proof of delivery information from the key facility. 

30. (Previously Presented) A method of transferring data, comprising: 
at a sender facility: 

encrypting data for an intended recipient, splitting the data into encrypted 
parts such that no part is decryptable on its own, encrypting at least one of the 
parts for a key facility so as to produce a further encrypted part, combining the 
further encrypted part and a remaining encrypted part so as to produce a data 
block, signing the data block and sending the data block to a receiver facility; 
at the receiver facility: 

receiving the data block from the sender facility, and requesting decryption 
of the further encrypted part by the key facility; 
at the key facility: 

logging receipt of the further encrypted part, decrypting the further 
encrypted part after receipt of the request from the receiver facility and sending 
the decrypted further encrypted part to the receiver facility; 
at the receiver facility: 

decrypting the encrypted part and the decrypted further encrypted part 
provided by the key facility. 
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